Cryptography – Key management – Having particular key generator
Reexamination Certificate
1999-12-30
2004-09-21
Darrow, Justin T. (Department: 2132)
Cryptography
Key management
Having particular key generator
C380S044000, C380S259000, C380S281000, C380S284000
Reexamination Certificate
active
06795555
ABSTRACT:
FIELD OF THE INVENTION
This invention relates to an encryption scheme, and in particular to an encryption key exchange protocol for real-time applications.
BACKGROUND OF THE INVENTION
Though originally designed for the transmission of data, Internet Protocol (IP) networks are increasingly being used as an alternative voice communication tool. In recent years there have been many advancements and developments in the area of IP telephony, which refers to communication services e.g. voice, facsimile, and/or voice-messaging applications that are transported via an Internet Protocol network, rather than the Public Switched Telephone Network (PSTN). Telephone subscribers are drawn to IP telephony as an alternative to traditional forms of communications, especially for long-distance telephone calls, because it can offer cost savings relative to the PSTN. With the use of IP telephony, subscribers can bypass long-distance carriers and their per-minute usage rates and run their voice traffic over an IP network, such as the Internet, for a flat monthly Internet access fee. IP networks are increasingly being used for real-time non-telephony applications as well, including e-commerce applications.
The drawbacks to the use of IP networks are well known. Among these drawbacks are vulnerabilities that include (i) spoofing, in which one machine on the network masquerades as another, (ii) sniffing, in which an eavesdropper listens in on a transmission between two other parties, (iii) session hijacking, in which an attacker employing both of the above techniques misappropriates a transmission line and masquerades as one of the communicating parties and (iv) denial of service attacks, in which a party is denied service due to the improper intervention of an attacker.
An international working group organized under the Internet Engineering Task Force (IETF) has developed methods of securing Internet communications that alleviate, to some extent, all of the above vulnerabilities. These methods are known as the IP Security (IPSec) protocol suite, which are based on powerful encryption technologies to provide secured Internet communications. One aspect of IPSec is the Internet Key Exchange (IKE), a protocol that allows users to agree on a variety of issues, including authentication, encryption, selection of keys, etc. that allow for secure key and data exchange between users.
Internet Key Exchange (IKE) uses public key cryptography standards such as RSA and Diffie-Hellman to negotiate encryption keys between users. However, there are high computational overheads associated with the processing of public key algorithms. For this reason, public key algorithms are rarely used for the encryption of real-time data, such as that associated with telephony applications over IP networks. For such real-time applications, modern cryptographic systems utilize conventional symmetric key technology, while public key algorithms are typically limited to automate key distribution and management.
The calculation of symmetric or “session” keys for the bulk encryption of data is a processor-intensive operation. To meet the requirements for the speedy calculation of such encryption keys, hardware-based cryptographic accelerators have been developed, including cryptographic co-processors, chip sets, PC-boards, PCMCIA cards, etc.
However, for cost reasons, terminal devices (e.g. thin client IP telephony devices or e-commerce devices) used for secure applications over IP networks typically have limited processing resources. This makes secure key exchange and generation delays prohibitive during session set-up. For example, typical Diffie-Hellman key exchange would require up to 30 seconds on a low-end thin client.
What is not found in the prior art is an encryption scheme for use with such terminal devices for the secure transmission of data over IP networks that minimizes session set-up delays associated with the exchange of encryption keys.
SUMMARY OF THE INVENTION
As noted above, the prior art in secure Internet communication protocols was designed for data applications and services which typically operate between powerful servers and end terminals, such as personal computers (PCs). By contrast, the present invention is particularly useful for thin client devices with limited resources, and for transactions for which users have expectations of very little delay (e.g. session set-up).
The present invention involves a number of steps, the first of which is the negotiation of secret encryption session keys between a key distribution broker (or simply “key broker”) and thin clients. Subsequent steps involve the refreshing of encryption keys at the end of each session thereby limiting exposure and vulnerability to security attacks. The preset invention enables session keys to be changed on a per session basis without the delays associated with typical open channel key exchange protocols such as IKE.
The method of the present invention operates in a consistent fashion for two-party, three-party and multi-party services structures, and across network boundaries.
Through the use of the key broker, session set-up delays associated with key exchange are reduced. A lightweight protocol enables the use of low cost thin end terminal devices. A limited lifetime for such session keys provides enhanced security through reduced exposure.
The method of the present invention is compatible with prior art security protocols. First, a secure channel between network elements is initiated using prior art techniques (e.g. shared secret, IKE, Diffie-Hellman, RSA, out of band methods such as pre-shared keys or passwords, etc.).
Then, security is maintained by refreshing encryption keys after each session under cover of an existing key. Perfect Forward Security (PFS) can be provided by “breaking the chain” through periodic key refreshes during system idle times.
In accordance with an aspect of the present invention there is provided a method of distributing encryption keys in a network including (i) a key broker negotiates encryption key K
1
with a first party; (ii) the key broker negotiates encryption key K
2
with a second party; (iii) the key broker encrypts K
2
with K
1
; and, (iv) the key broker forwards the encrypted K
2
to the first party.
In accordance with another aspect of the present invention there is provided a method of distributing encryption keys in a network including (i) a key broker negotiates encryption key K
1
with a first party; (ii) the key broker negotiates encryption key K
2
with a second party; (iii) the key broker negotiates encryption key K
3
with a third party; (iv) the key broker encrypts K
2
with K
1
and forwards said encrypted K
2
to the first party; and, (v) the key broker encrypts K
2
with K
3
and forwards said encrypted K
2
to the third party.
In accordance with another aspect of the present invention there is provided a method of distributing encryption keys between a first network and a second network including: (i) a first key broker connected to the first network negotiates encryption key K
1
with a first party; (ii) a second key broker connected to the second network negotiates encryption key K
3
with a second party; (iii) the first key broker negotiates K
2
with the second key broker; (iv) the second key broker encrypts K
3
with K
2
; (v) the second key broker forwards the encrypted K
3
to the first key broker; (vi) the first key broker decrypts K
3
with K
2
; (vii) the first key broker encrypts K
3
with K
1
; and (viii) the first key broker forwards the encrypted K
3
to the first party.
In accordance with yet another aspect of the present invention there is provided a computer program product for programming a key broker in a network, the computer program product having a medium with a computer program embodied thereon, the computer program having computer program code that: (i) negotiates encryption key K
1
between the key broker and a first party; (ii) negotiates encryption key K
2
between the key broker and a second party; (iii) encrypts K
2
with K
1
; and, (iv) forwards the encrypt
Lee Michael C. G.
Parisien Brian R.
Darrow Justin T.
Nortel Networks Limited
Zand Kambiz
LandOfFree
Encryption key exchange protocol does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Encryption key exchange protocol, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Encryption key exchange protocol will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3215719